Method: services.check

HTTP request
Path parameters
Request body
- JSON representation
Response body
- JSON representation
Authorization Scopes
CheckError
- JSON representation
Code
CheckInfo
- JSON representation
ConsumerInfo
- JSON representation
ConsumerType

Checks whether an operation on a service should be allowed to proceed based on the configuration of the service and related policies. It must be called before the operation is executed.

If feasible, the client should cache the check results and reuse them for 60 seconds. In case of any server errors, the client should rely on the cached results for much longer time to avoid outage. WARNING: There is general 60s delay for the configuration and policy propagation, therefore callers MUST NOT depend on the services.check method having the latest policy information.

NOTE: the CheckRequest has the size limit of 1MB.

This method requires the servicemanagement.services.check permission on the specified service. For more information, see Cloud IAM.

HTTP request

POST https://servicecontrol.googleapis.com/v1/services/{serviceName}:check

The URL uses gRPC Transcoding syntax.

Path parameters

Parameters

Parameters
`serviceName`	`string` The service name as specified in its service configuration. For example, `"pubsub.googleapis.com"`. See google.api.Service for the definition of a service name. Authorization requires the following IAM permission on the specified resource `serviceName`: `servicemanagement.services.check`

serviceName

string

The service name as specified in its service configuration. For example, "pubsub.googleapis.com".

See google.api.Service for the definition of a service name.

Authorization requires the following IAM permission on the specified resource serviceName:

servicemanagement.services.check

Request body

The request body contains data with the following structure:

JSON representation
{ "operation": { object (`Operation`) }, "serviceConfigId": string }

Fields

Fields
`operation`	`object (Operation)` The operation to be checked.
`serviceConfigId`	`string` Specifies which version of service configuration should be used to process the request. If unspecified or no matching version can be found, the latest one will be used.

operation

object (Operation)

The operation to be checked.

serviceConfigId

string

Specifies which version of service configuration should be used to process the request.

If unspecified or no matching version can be found, the latest one will be used.

Response body

If successful, the response body contains data with the following structure:

Response message for the services.check method.

JSON representation
{ "operationId": string, "checkErrors": [ { object (`CheckError`) } ], "serviceConfigId": string, "serviceRolloutId": string, "checkInfo": { object (`CheckInfo`) } }

Fields
`operationId`	`string` The same operationId value used in the `CheckRequest`. Used for logging and diagnostics purposes.
`checkErrors[]`	`object (CheckError)` Indicate the decision of the check. If no check errors are present, the service should process the operation. Otherwise the service should use the list of errors to determine the appropriate action.
`serviceConfigId`	`string` The actual config id used to process the request.
`serviceRolloutId`	`string` The current service rollout id used to process the request.
`checkInfo`	`object (CheckInfo)` Feedback data returned from the server during processing a services.check request.

Authorization Scopes

Requires one of the following OAuth scopes:

https://www.googleapis.com/auth/servicecontrol
https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

CheckError

Defines the errors to be returned in google.api.servicecontrol.v1.CheckResponse.check_errors.

JSON representation
{ "code": enum (`Code`), "subject": string, "detail": string, "status": { object (`Status`) } }

Fields
`code`	`enum (Code)` The error code.
`subject`	`string` Subject to whom this error applies. See the specific code enum for more details on this field. For example: "project:" "folder:" "organization:"
`detail`	`string` Free-form text providing details on the error cause of the error.
`status`	`object (Status)` Contains public information about the check error. If available, `status.code` will be non zero and client can propagate it out as public error.

Code

Error codes for services.check responses.

Enums
`ERROR_CODE_UNSPECIFIED`	This is never used in `CheckResponse`.
`NOT_FOUND`	The consumer's project id, network container, or resource container was not found. Same as `google.rpc.Code.NOT_FOUND`.
`PERMISSION_DENIED`	The consumer doesn't have access to the specified resource. Same as `google.rpc.Code.PERMISSION_DENIED`.
`RESOURCE_EXHAUSTED`	Quota check failed. Same as `google.rpc.Code.RESOURCE_EXHAUSTED`.
`SERVICE_NOT_ACTIVATED`	The consumer hasn't activated the service.
`BILLING_DISABLED`	The consumer cannot access the service because billing is disabled.
`PROJECT_DELETED`	The consumer's project has been marked as deleted (soft deletion).
`PROJECT_INVALID`	The consumer's project number or id does not represent a valid project.
`CONSUMER_INVALID`	The input consumer info does not represent a valid consumer folder or organization.
`IP_ADDRESS_BLOCKED`	The IP address of the consumer is invalid for the specific consumer project.
`REFERER_BLOCKED`	The referer address of the consumer request is invalid for the specific consumer project.
`CLIENT_APP_BLOCKED`	The client application of the consumer request is invalid for the specific consumer project.
`API_TARGET_BLOCKED`	The API targeted by this request is invalid for the specified consumer project.
`API_KEY_INVALID`	The consumer's API key is invalid.
`API_KEY_EXPIRED`	The consumer's API Key has expired.
`API_KEY_NOT_FOUND`	The consumer's API Key was not found in config record.
`INVALID_CREDENTIAL`	The credential in the request can not be verified.
`NAMESPACE_LOOKUP_UNAVAILABLE`	The backend server for looking up project id/number is unavailable.
`SERVICE_STATUS_UNAVAILABLE`	The backend server for checking service status is unavailable.
`BILLING_STATUS_UNAVAILABLE`	The backend server for checking billing status is unavailable.
`CLOUD_RESOURCE_MANAGER_BACKEND_UNAVAILABLE`	Cloud Resource Manager backend server is unavailable.

CheckInfo

Contains additional information about the check operation.

JSON representation
{ "unusedArguments": [ string ], "consumerInfo": { object (`ConsumerInfo`) } }

Fields

Fields
`unusedArguments[]`	`string` A list of fields and label keys that are ignored by the server. The client doesn't need to send them for following requests to improve performance and allow better aggregation.
`consumerInfo`	`object (ConsumerInfo)` Consumer info of this check.

unusedArguments[]

string

A list of fields and label keys that are ignored by the server. The client doesn't need to send them for following requests to improve performance and allow better aggregation.

consumerInfo

object (ConsumerInfo)

Consumer info of this check.

ConsumerInfo

ConsumerInfo provides information about the consumer.

JSON representation
{ "projectNumber": string, "type": enum (`ConsumerType`), "consumerNumber": string }

Fields

Fields
`projectNumber`	`string (int64 format)` The Google cloud project number, e.g. 1234567890. A value of 0 indicates no project number is found. NOTE: This field is deprecated after Chemist support flexible consumer id. New code should not depend on this field anymore.
`type`	`enum (ConsumerType)` The type of the consumer which should have been defined in Google Resource Manager.
`consumerNumber`	`string (int64 format)` The consumer identity number, can be Google cloud project number, folder number or organization number e.g. 1234567890. A value of 0 indicates no consumer number is found.

projectNumber

string (int64 format)

The Google cloud project number, e.g. 1234567890. A value of 0 indicates no project number is found.

NOTE: This field is deprecated after Chemist support flexible consumer id. New code should not depend on this field anymore.

type

enum (ConsumerType)

The type of the consumer which should have been defined in Google Resource Manager.

consumerNumber

string (int64 format)

The consumer identity number, can be Google cloud project number, folder number or organization number e.g. 1234567890. A value of 0 indicates no consumer number is found.

ConsumerType

The type of the consumer as defined in Google Resource Manager.

Enums
`CONSUMER_TYPE_UNSPECIFIED`	This is never used.
`PROJECT`	The consumer is a Google Cloud Project.
`FOLDER`	The consumer is a Google Cloud Folder.
`ORGANIZATION`	The consumer is a Google Cloud Organization.
`SERVICE_SPECIFIC`	Service-specific resource container which is defined by the service producer to offer their users the ability to manage service control functionalities at a finer level of granularity than the PROJECT.